Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Advertisements

Daemon

Posted 06 May 2005 - 02:15 PM

Daemon

Security Expert

Retired Staff

4,356 posts

Click here, for instructions on how to enable hidden files and folders to be visible. After enabling, find, zip and send this file:

c:\bsw.exe

to this e-mail address including a link to this thread in the body of the email. It may be OK but I'd like to take a closer look at it - I'll get back to you about it if any further action is required.

Daemon

Posted 08 May 2005 - 10:26 AM

I'm giving you a lot of instructions at once here - after downloading all the files I've linked for you, probably best to print the instructions to save you logging back in repeatedly.

Go to Start>Control Panel>Add or Remove Programs and remove the following programs if found:

Security IGuardVirtual MaidSearch Maid

Exit Add or Remove Programs.

Do this so you can see hidden files and folders - click here to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double click the xphidden.reg and when asked to merge say yes.

Click here to download Pocket Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it.

Select the Delete on reboot option.

In the 'Full Path of File to Delete' box, copy and paste the following, clicking the 'Delete File' button (red circle with a white X) after pasting:

c:\bsw.exe

It will prompt you to reboot, press the NO button. Instead, copy and paste the following and click the 'Delete File' button again:

C:\wp.bmp

When it prompts you to reboot this time, press the NO button again and repeat the process on all these files until the last one has been entered then press the YES button:

Next, click here to download smitfraud.reg and save it to the desktop. When done, double click the smitfraud.reg and click yes when asked to add to the registry.

Reboot your computer again.

Click here to download the Hoster. Extract it from the zip file into a folder and doubleclick on hoster.exe. Press "Restore Original Hosts" and press "OK". Exit the program.

Click here and download DelDomains.inf to your Desktop. Right-click on it and select 'Install'.

Click here to download System Security Suite. Extract it from the zip file into a folder and doubleclick on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. You will be prompted to reboot, do so.

Nearly there. HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder.

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

Daemon

Posted 09 May 2005 - 07:30 AM

palmer

Posted 09 May 2005 - 07:44 AM

palmer

New Member

Topic Starter

Member

9 posts

You're really great

Thanks.

It's good now, without any popup or automatically opened browser, but I feel that my startup time is a little bit longer, is it because of many anti-spyware I've installed before to kill that trojan? I was installing scanspyware, ad-aware, spybot, tds-3, and hijackthis. My antivirus is pc-cillin 2002. Could I uninstall some of them and only using antivirus and one anti-spyware (after I upgrade to sp2)?

Oya, one more, is anybody knowing whether I can report the newgenlook.info website owner as a suspect for doing crime over internet or not? If yes, where should I report to? Any internet crime police available?

Daemon

Posted 09 May 2005 - 08:30 AM

Daemon

Security Expert

Retired Staff

4,356 posts

You're welcome - glad to help As for the startups - open Spybot>Mode>Advanced>System Startup and remove the check from the boxes of the applications you don't want to start automatically with the Toggle button.

Internet police - afraid not - if it were only that easy.

To help keep you clean follow the recommendations in Tony's article here:

As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.